You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone.

What should you do?

A.From the properties of the zone, modify the TTL of the SOA record.

B.From the properties of the zone, enable scavenging.

C.From the command prompt, run ipconfig /flushdns.

D.From the properties of the zone, disable dynamic updates.

Answer: B

Explanation:

To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required.

D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.

Answer: A

Explanation:

To make sure the changes made to active directory objects are logged and the logs show the old and new values of any attribute, you should run audipol.exe and configure the security settings for the domain controllers Organizational Unit.

QUESTION NO: 3

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

What should you do?

A. Create a new stub zone named ad.contoso.com on DC2.

B. Create a new standard secondary zone named ad.contoso.com on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D

Explanation:

To make sure that the DNS service on TK2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks.contoso.com on TK1 to an Active Directory-integrated zone. Active Directory-integrated DNS offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers.

Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS.

In a traditional DNS setup, only one type of nameserver can accept these registrations—the primary server, because it has the only read/write copy of a zone. By creating an Active Directory-integrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication.